Internet Protocol (IP) is defined as a routable protocol within the TCP/IP architecture that manages addressing and routing of data packets across networks, functioning in a connectionless manner without establishing a session prior to data transmission. IP packets include essential information such as source and destination addresses, identification, protocol type, checksum for error control, and time-to-live (TTL) to prevent endless circulation in the network.
A device that requests a service from a remote computer.
Internet
An internet is a collection of networks connected together. The Internet is a global collection of interlinked networks. Computers connected to the Internet communicate via the Internet Protocol (IP).
Internet Protocol
A protocol that was designed to provide a mechanism for transmitting blocks of data called datagrams from sources to destinations, where sources and destinations are hosts identified by fixed length addresses.
Protocol
A description of the messages and rules for interchanging messages in intercomputer communication.
Server
A device (normally a computer) that provides a service when it receives a remote request.
TCP
Transmission control protocol. A protocol that provides reliable connections across the Internet. Protocols other than TCP may be used to send messages across the Internet.
TCP/IP
Transmission control protocol implemented on top of the Internet protocol. The most commonly used protocol combination on the Internet.
IP is the primary and most widely adopted standard protocol for network communication. Two versions of IP, IPv4 and IPv6, are currently in use. IoT devices are connected to the Internet through an IP stack, and this connection requires a significant amount of power and memory. IoT devices may also be connected over non-IP communication channels such as Bluetooth, RFID, and NFC, but these channels are suitable only for small-area networks with very limited range. The IP stack therefore had to be modified for use in low-power communication; one such example is 6LoWPAN, which uses IPv6 over a PAN with much lower power consumption. Such protocols can be used within a range equivalent to a LAN, with power consumption as low as that of a PAN [25].
The Internet refers to the worldwide interconnection of packet networks that all use a suite of protocols that originated in the famous ARPANET project of the 1970s. In this protocol suite, IP (Internet Protocol) is the network layer protocol, and TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the most commonly used protocols at the transport layer. The common noun “internet” is often used to connote a network that uses the Internet protocol suite. The IP protocol can operate over any link layer (and, by implication, any physical layer) that can transport IP packets. Because it simply requires the implementation of a packet driver to carry packets over any bit carrier, an internet can be operated over essentially any bit-carrier infrastructure. The Internet protocol suite also does not define the layers above the transport layer. Thus, for the Internet, Figure 2.21 simplifies to the depiction in Figure 2.27 (we show many more packet switches, and the physical layer is implicit in the links). We will see later that this is a simplified representation; for example, an application may run directly over IP (thus taking care of its transport needs itself).
Figure 2.27. The Internet protocol architecture; “Apps” means applications. In this simplified depiction, the packet switches are shown to have only IP and the link layer. The end nodes have the transport protocol in addition to IP and the link layer.
The most widely deployed version of IP is version 4, which uses 32-bit addresses. The network address of an entity is also called its IP address. As in most communication networks, the addresses in the Internet are hierarchically assigned. The address of each device comprises some contiguous high-order bits that identify the subnetwork in which the device resides; this is also called the network prefix. The remaining bits identify the device uniquely in the subnetwork. So, for example, all the addresses in a campus may be of the form 10010000.00010000.010xxxxx.xxxxxxxx, where each x can be 0 or 1. In such a case the network prefix is 10010000.00010000.010, and it is of length 19 bits.
Unlike circuit-multiplexed networks or the packet-multiplexed X.25 and ATM networks, internets do not fix a path for the packet flow on a connection. The network simply provides connectivity between end points. Every packet carries the full network address of its destination end point. Each packet switch looks at the arriving packets, consults a routing table (which actually deals with network prefixes), and forwards the packet to an outgoing link that, hopefully, carries it closer to its destination. By rejecting the virtual-circuit approach in favor of per-packet, hop-by-hop, best-effort routing, the Internet gains the advantages of (1) quick delivery of small amounts of data, (2) automatic resilience to link failures, and (3) ease of multicast (i.e., the transmission of a packet to multiple destinations by replicating it at appropriate points in the network, rather than by the source sending multiple copies of the packet).
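The two paragraphs above describe a hierarchical network prefix and a routing table that matches on prefixes. The Python below is an added example, not from the original text: it converts the quoted campus bit pattern into a CIDR network and performs the longest-prefix-match lookup a packet switch does per packet. The routing-table entries and the test addresses are constructed for the example; only the bit pattern comes from the text.

```python
import ipaddress

# Bit pattern quoted in the text; x marks a host bit.
CAMPUS_PATTERN = "10010000.00010000.010xxxxx.xxxxxxxx"


def pattern_to_network(pattern: str) -> ipaddress.IPv4Network:
    """Convert a dotted-binary pattern with trailing x's into a CIDR network.

    The fixed bits must form a contiguous high-order run (the network prefix);
    any other shape is rejected rather than guessed at.
    """
    bits = pattern.replace(".", "")
    if len(bits) != 32:
        raise ValueError("pattern must contain exactly 32 bit positions")
    first_x = bits.find("x")
    prefix_len = 32 if first_x < 0 else first_x
    if set(bits[:prefix_len]) - {"0", "1"}:
        raise ValueError("prefix may contain only 0 and 1")
    if set(bits[prefix_len:]) - {"x"}:
        raise ValueError("fixed bits after the first x: prefix is not contiguous")
    # Host bits are zero in the network (base) address.
    base = int(bits[:prefix_len].ljust(32, "0"), 2)
    return ipaddress.IPv4Network((base, prefix_len))


def longest_prefix_match(dest: str, table):
    """Forwarding lookup: the most specific (longest) prefix containing dest wins.

    Returns the next hop, or None when nothing matches (no default route)."""
    d = ipaddress.IPv4Address(dest)
    best = None
    for net, next_hop in table:
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]


CAMPUS_NET = pattern_to_network(CAMPUS_PATTERN)   # 144.16.64.0/19

# Constructed forwarding table: (prefix, next hop). Entry order is irrelevant.
ROUTING_TABLE = [
    (ipaddress.IPv4Network("0.0.0.0/0"), "upstream"),
    (CAMPUS_NET, "campus-core"),
    (ipaddress.IPv4Network("144.16.80.0/24"), "lab-router"),
]


if __name__ == "__main__":
    print(CAMPUS_NET, "prefix length", CAMPUS_NET.prefixlen)
    for dest in ("144.16.80.7", "144.16.70.1", "144.16.96.1", "203.0.113.5"):
        print(dest, "->", longest_prefix_match(dest, ROUTING_TABLE))
```

The /24 entry is more specific than the campus /19 and so wins for addresses inside it; an address just outside the 19-bit prefix (bits 011 instead of 010 in the third octet) falls through to the default route.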
Notice that because IP routes each packet as a separate entity, it is possible for consecutive packets of the same session to follow different routes and then, owing to different delays on the routes, arrive out of order. The IP layer at the destination simply delivers the packets out of order! Measurements showing that there can be significant packet reordering in the Internet have been reported in [29]. In addition, a link layer may discard a packet after a few unsuccessful transmission attempts. A packet may also be discarded at the queue of a physical link because of exhaustion of buffer space or some packet scheduling decision. Hence the packet delivery service that the IP layer provides is unreliable and nonsequential. This is known as a datagram delivery service.
Figure 2.28 shows a fragment of an internet's topology. Each router is attached to physical links by its interfaces. Note that a multipoint link can have many routers attached to it. All the devices attached to a link are each other's neighbors. The Internet is equipped with routing protocols that permit routers to identify good paths on which to forward packets. These protocols work on the basis of metrics assigned to the network links and a distributed algorithm for determining shortest paths under these metrics. Note that a routing protocol is also an application running on the network! Hence it needs to use the packet transport services of the network. Fortunately there are distributed algorithms that can learn shortest paths through the network, and, in the execution of these algorithms, nodes need only exchange packets with their neighbors. Hence routing in an internet can bootstrap itself. A simple protocol (aptly called the Hello protocol) is used by routers to discover neighbors. After neighbors are discovered, they begin to exchange routing protocol packets, which are used in computations that gradually lead all the routers to learn shortest paths to network prefixes. One such distributed algorithm works by each router informing its neighbors about the status of the links to which the router is attached. This information is flooded through the network. Eventually every router obtains these link state advertisements (LSAs), which can be put together to obtain a full topology view in each router. A shortest path computation can then be locally performed and routing tables built up in each router. This algorithm is implemented by the currently most popular routing protocol, OSPF (Open Shortest Path First). The OSPF protocol is a routing application protocol, but it does not utilize the services of a transport protocol, instead running directly on the IP layer in routers.
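The link-state computation just described can be made concrete. The Python below is an added example, not from the book: a constructed link-state database (four routers with made-up metrics and prefixes) is fed to Dijkstra's algorithm to produce a router's routing table, and one link is then withdrawn to show the rerouting that gives the approach its resilience to link failures.

```python
import copy
import heapq

# Constructed link-state database: one LSA per router, giving the metric of
# each attached link and the prefixes reachable directly from that router.
LSDB = {
    "R1": {"neighbors": {"R2": 1, "R3": 4}, "prefixes": ["10.1.0.0/24"]},
    "R2": {"neighbors": {"R1": 1, "R3": 1, "R4": 5}, "prefixes": []},
    "R3": {"neighbors": {"R1": 4, "R2": 1, "R4": 1}, "prefixes": ["10.3.0.0/24"]},
    "R4": {"neighbors": {"R2": 5, "R3": 1}, "prefixes": ["10.4.0.0/24"]},
}


def shortest_paths(lsdb, source):
    """Dijkstra over the flooded LSAs. Returns {router: (cost, first_hop)},
    where first_hop is the neighbour of `source` on the shortest path
    (the source itself for the source entry)."""
    dist = {source: (0, source)}
    heap = [(0, source, source)]
    done = set()
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue                    # stale entry superseded by a cheaper one
        done.add(node)
        for nbr, metric in lsdb[node]["neighbors"].items():
            new_cost = cost + metric
            hop = nbr if node == source else first_hop
            if nbr not in dist or new_cost < dist[nbr][0]:
                dist[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr, hop))
    return dist


def routing_table(lsdb, source):
    """Prefix -> (next hop, cost) from the shortest-path tree; prefixes on the
    router itself are marked "direct". Prefixes behind unreachable routers are
    simply absent, which is what a partitioning link failure looks like."""
    paths = shortest_paths(lsdb, source)
    table = {}
    for router, lsa in lsdb.items():
        if router not in paths:
            continue
        cost, hop = paths[router]
        for prefix in lsa["prefixes"]:
            table[prefix] = ("direct", 0) if router == source else (hop, cost)
    return table


def with_link_down(lsdb, a, b):
    """Copy of the LSDB with the a-b link withdrawn from both routers' LSAs,
    as every router would hold it once the failure has been flooded."""
    new = copy.deepcopy(lsdb)
    new[a]["neighbors"].pop(b, None)
    new[b]["neighbors"].pop(a, None)
    return new


if __name__ == "__main__":
    print("R1 table:", routing_table(LSDB, "R1"))
    print("R1 table with R2-R3 down:",
          routing_table(with_link_down(LSDB, "R2", "R3"), "R1"))
```

Every router runs the same computation over the same LSDB, so the per-hop decisions are consistent: R1 reaches R4 through R2 at cost 3, and after the R2-R3 link is withdrawn the table converges on the direct R1-R3 link at cost 5 without any coordination beyond the flooding itself.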
Figure 2.28. A fragment of an internet, showing routers (labeled R), hosts, and links (including multipoint “links,” such as LANs).
The basic Internet packet transport does not promise any QoS to the traffic streams it carries. The network provides connectivity and routing; any user attached to the Internet can initiate multiple flows. There is no connection admission control (CAC); all the flows end up sharing the network resources. Thus the Internet transport provides a highly variable quality of service that can vary widely depending on geographical location and time of day. To bring some sanity to the situation and to enforce some fairness in bandwidth sharing, the end-to-end Transmission Control Protocol (TCP) implements an adaptive window protocol. This protocol reacts to packet losses by reducing its window size and then slowly building it up again. This function of congestion control and bandwidth sharing is in addition to the two other functions that TCP performs: (1) reliable and sequential packet transport over IP's unreliable and nonsequential packet transport service, and (2) sender–receiver flow control (which prevents, for example, a fast computer from flooding a slow network printer). Chapter 7 discusses TCP's congestion control and bandwidth-sharing function at length.
UDP (User Datagram Protocol) is another popular layer 4 protocol. This protocol simply permits a user above IP to utilize the basic datagram delivery service, thereby multiplexing several flows into one IP address. Note that this is the logical multiplexing of several flows originating and terminating at a common IP address. It should be distinguished from the physical multiplexing of flows into a bit carrier, something that is a link layer function. We distinguish the different flows by assigning them different UDP port numbers. UDP is used by applications, such as packet voice telephony, that must receive guaranteed service rates in the network and cannot deal with packet loss by retransmission, and hence cannot use the services of TCP. Other mechanisms, above the transport layer, are used to facilitate such applications.
We have stated that the Internet's packet transport is not designed to provide specific QoS to the flows it carries. The service model is quite simple. Nodes that have valid IP addresses can attach themselves to the network and send IP packets back and forth between themselves. The network provides an unreliable, nonsequential packet transport service, with no guarantee of transfer rate or delay, often called best-effort service. The network does not distinguish between the various traffic flows; it does the best it can, treating everyone alike. The idea is that the applications best know what they need and should adapt to the transport that the network provides by using end-to-end mechanisms. TCP's mechanisms for achieving a reliable and sequential packet transport service over the Internet, and some sort of fair sharing of network bandwidth, are a prototypical example of the end-to-end approach. Over the past decade, however, the Internet has become the packet transport network of choice for all kinds of store-and-forward data transfer and increasingly is being used by applications that require some minimal quality of packet transport. Broadly there are two approaches that can be followed to provide some level of QoS over the Internet: new QoS architectures and traffic engineering.
Two QoS architectures have been proposed and extensively studied: the Integrated Services Architecture, abbreviated as IntServ, and the Differentiated Services Architecture, abbreviated as DiffServ. The proposals in the IntServ architecture essentially allow each session arriving to the network to request QoS guarantees; it must declare its traffic characteristics to the network, and the network has the choice of rejecting the request or accepting it at some lower level of QoS. This architecture requires signaling protocols to be put in place, and packet-scheduling mechanisms are needed at the packet-multiplexed links. Evidently, these protocols and scheduling mechanisms need to be implemented in every router in parts of the network over which such QoS guarantees are needed.
In the high-speed core of the network, the session arrival rates and the packet rates are too high to permit session-by-session analysis and packet-by-packet scheduling. Hence, as in other transport systems (e.g., airlines and railways), it has been argued that only a few levels of differentiation may suffice (e.g., first class, business class, and economy class). The classes are, of course, priced differently. At the simplest level, there may be one priority class of traffic (reserved, for example, for interactive packet telephony), and another class for the remaining traffic. There could be one additional class for the premium store-and-forward traffic, and the remaining traffic could be handled by the default best-effort packet transport. This idea has led to the DiffServ proposals. The scheduling at the links distinguishes a few classes of packets (e.g., 2, 3, or 8, depending on the choice of the network operator). The class of a packet is identified by the contents of its header; such classification can be based on six special bits in the IP header, called the DS code (DiffServ code), and could also be based on source and destination addresses and even the source and destination transport protocol port numbers. The schedulers are aware only of such packet aggregates; there is no awareness of individual so-called microflows. A DiffServ core network may put a limit on the amount of traffic of each class it is willing to accept from each customer network that transports traffic through it. If a network violates such restrictions, the DiffServ core can reject the excess traffic or handle it at lower levels of service. It is up to the edge nodes of the customer network to police the traffic that it offers to the DiffServ core.
It has been argued that in conjunction with an IntServ architecture in the lower-speed edges of the network, a DiffServ architecture would suffice in the core to provide an overall end-to-end QoS to applications.
The other approach for providing QoS over the Internet is traffic engineering. Clearly, if there is sufficient bandwidth the best-effort packet transport suffices.
With the rapid deployment of optical networks, even to within a few hundred meters of network access points, it is becoming easier and less expensive to quickly deploy additional bandwidth where there are bottlenecks. Hence, it has been argued that it suffices to manage QoS by network and traffic engineering. The network topology (node placement, node interconnection, and link capacities) should be properly designed with the expected traffic in mind, and it should be tolerant of link failures. It also should be possible to deploy new bandwidth when needed. Furthermore, in the operating network the traffic should be carefully routed to prevent the formation of bottlenecks, and the routing should be monitored and revised from time to time. Traffic engineering alone, of course, cannot address the problem of congestion in access networks.
Finally, to end this section, we turn to the components of Internet hosts and routers. Figure 2.29 shows the protocols implemented in a typical Internet host. This host can handle email because it has SMTP (Simple Mail Transfer Protocol) and can browse the Web because it has HTTP (Hypertext Transfer Protocol); both of these protocols run over TCP. The host can also participate in a packet voice call, something that requires RTP (Real-time Transport Protocol), which in turn runs on UDP's simple datagram service.
Figure 2.29. The typical protocols in an end system (or host) attached to the Internet.
Now let us look at the components of an Internet router (see Figure 2.30). A router is a packet switch and hence moves packets between several links. In the figure, the router shown has three links: a link to a wide area network (WAN), a link into a LAN, and a dial-up link (into which a connection can be made over the telephone network). There is a link protocol for each physical link: HDLC (High-Level Data Link Control) for the WAN link, the IEEE standard link protocol (IEEE 802.2) for the LAN link, and PPP (Point to Point Protocol) for the dial-up link. The IP layer runs across all these link layers and forwards packets between them. The packet switching could simply be done by reading into and copying out of the processor memory, or there could be a hardware switching fabric in a high-capacity router; the switch is not shown. In addition to these components (which were also depicted in Figure 2.27), there is a routing protocol (shown here directly over IP, as is the case for OSPF). There is telnet, a protocol for permitting an administrator to log in to the router to configure its parameters; because telnet requires TCP, TCP must also be implemented on a typical router. Furthermore, there is a network management protocol that is used to monitor the traffic in the router and the status of its links. As mentioned earlier, SNMP is the commonly used protocol for network monitoring and management in the Internet, and, as shown in Figure 2.30, it operates with UDP as the transport protocol. The bottom part of Figure 2.30 shows what is involved in routing a packet from one port to another. Not only must IP do forwarding, but there is also the need to classify the packets into QoS classes to appropriately queue them at the output port; two queues are shown in the figure, perhaps a high-priority queue for voice packets and a low-priority one for data packets.
Figure 2.30. The protocols in a router (top) and the way an IP packet is forwarded from one interface of a router to another (bottom).
The Internet Protocol (IP) [Los97, Sta97A] is the fundamental protocol on the Internet. It provides connectionless, packet-based communication. Industrial automation has long been a good application area for Internet-based embedded systems. Information appliances that use the Internet are rapidly becoming another use of IP in embedded computing. The term Internet generally refers to the global network of computers connected by the IP. However, it is possible to build an isolated network not connected to the global Internet that uses IP.
Internetworking
IP is not defined over a particular physical implementation; it is an internetworking standard. Internet packets are assumed to be carried by some other network, such as Ethernet. Generally, an Internet packet travels over several different networks from source to destination. The IP allows data to flow seamlessly through these networks from one end user to another. The relationship between IP and individual networks is illustrated in Fig. 8.5. IP works at the NWK layer. When node A wants to send data to node B, the application’s data pass through several layers of the protocol stack to get to the Internet Protocol, which then creates packets for routing to the destination. These are then sent to the data link and PHY layers. A node that transmits data among different types of networks is known as a router. The router’s functionality must go up to the IP layer, but because it does not run applications, it does not need to go to higher levels of the OSI model. In general, a packet may go through several routers to reach its destination. At the destination, the IP layer provides data to the transport layer and ultimately to the receiving application. As the data pass through several layers of the protocol stack, the IP packet data are encapsulated in packet formats appropriate to each layer.
FIGURE 8.5. Protocol utilization in Internet communication.
IP packets
The basic format of an IP packet is shown in Fig. 8.6. The header and data payload are both variable in length. The maximum total length of the header and data payload is 65,535 bytes.
FIGURE 8.6. Internet protocol packet structure.
An Internet address is a number (32 bits in early versions of IP, 128 bits in IPv6). The IP address is typically written in the form xxx.xxx.xxx.xxx. The names by which users and applications typically refer to Internet nodes, such as foo.baz.com, are translated into IP addresses via calls to a Domain Name Server (DNS), one of the higher-level services built on top of IP.
The fact that IP works at the network layer tells us that it does not guarantee that a packet is delivered to its destination. Furthermore, packets that do arrive may come out of order. This is referred to as best-effort routing. Because routes for data may change quickly with subsequent packets being routed along different paths with different delays, the real-time performance of IP can be hard to predict. When a small network is contained totally within the embedded system, performance can be evaluated through simulation or other methods because the possible inputs are limited. Because the performance of the Internet may depend on worldwide usage patterns, its real-time performance is inherently harder to predict.
IP services
The Internet also provides higher-level services built on top of IP. The Transmission Control Protocol (TCP) is one such example. It provides a connection-oriented service that ensures that data arrive in the appropriate order, and it uses an acknowledgment protocol to ensure that packets arrive. Because many higher-level services are built on top of TCP, the basic protocol is often referred to as TCP/IP.
Fig. 8.7 shows the relationships between IP and higher-level Internet services. Using IP as the foundation, TCP is used to provide File Transport Protocol (FTP) for batch file transfers, Hypertext Transport Protocol (HTTP) for World Wide Web service, Simple Mail Transfer Protocol (SMTP) for email, and Telnet for virtual terminals. A separate transport protocol, the User Datagram Protocol (UDP), is used as the basis for the network management services provided by the Simple Network Management Protocol (SNMP).
Internet Protocol (IP) is not just the Internet. It is a very important connectionless layer 3 protocol used to move packets around on the Internet as well as on a lot of other networks. IP allows any computer on the Internet (or another IP network) to locate and exchange packets with any other computer. You often see TCP and IP written together as TCP/IP; TCP is a layer 4 protocol commonly used over IP (as is UDP). TCP and UDP are discussed later.
IP addresses are expressed in the dotted decimal format. In version 4 of IP, addresses are 32 bits long. Table 5.4 illustrates the dotted decimal address. The top row gives the dotted decimal representation; the second row expresses this as individual decimal numbers, the third row shows the corresponding binary numbers. This IP address was assigned to the WAN port on the writer's gateway connected to his cable modem at the time of writing. The assignment came from his cable operator. As shown later, the IP address may change from time to time.
Table 5.4. Dotted Decimal Notation for IPv4 Addresses

Dotted decimal   24.98.160.78
Base 10          24          98          160         78
Base 2           00011000    01100010    10100000    01001110
The contents of an IP packet are called a datagram. Each datagram, as it traverses the Internet, retains the same source and destination IP addresses, even as it traverses different layer 2 networks. For example, a packet may travel part of the distance on a token ring network, partway on ATM, and partway on Ethernet. These are layer 2 protocols, and each will put on its own layer 2 header as the IP datagram enters that network and strip its layer 2 header when it is handed to another network. But the IP header stays with the datagram during the whole process (though it will be modified in each router through which it passes), defining the ultimate destination of the datagram. (An exception is that a firewall between networks or between a network and a computer may substitute its own IP address for that of the ultimate process using the datagram.)
When switching in a network is done by looking at the layer 3 (IP) address, the device doing the switching is usually called a router. Routers technically have hosts built in, because they themselves can be addressed (they have their own IP addresses), for management purposes.
IPv4 Versus IPv6
IP version 4 (IPv4) is in common use today. For years there has been a desire to replace IPv4 with IPv6, but the difficulty of managing such a change has prevented widespread deployment of IPv6. There are several new features in IPv6, the most notable being the expansion from a 32-bit address to a 128-bit address. This will simplify address management, removing the need for assigning temporary private IP addresses to devices. In addition, the header format is streamlined. A flow label is added to denote a stream of traffic with special QoS needs. Support for both authentication and confidentiality are mandatory, and there are a few other changes. Unless otherwise noted, we are describing IPv4 in this book.
IP Embedded in Ethernet
Figure 5.14 illustrates an IP datagram inside an Ethernet frame. This figure is laid out with four bytes (32 bits) in a horizontal row. Each horizontal row follows serially the one above it.
Figure 5.14. IP Datagram Inside Ethernet Frame.
Compare Figure 5.14 with the illustration of an Ethernet frame in Figure 5.13, which identified all the elements of the Ethernet frame consistent with Figure 5.14. The “Data and pad” of Figure 5.13 are expanded in Figure 5.14 to show the elements of the IP datagram. The elements of the IP header are summarized next.
The IP Header
The first four bits, vers, contain the IP version number, currently 4 (0100) and possibly going to 6 (0110) at some point. The next four bits, hlen, count the number of 32-bit units in the IP header. The basic IP header as shown is 20 bytes, or five units of 32 bits. We show later that some IP headers are longer as a result of options being embedded. IP defines a number of options that may create a longer header. These are covered in the endnotes. Options include, but are not limited to, the ability to record the route taken by the datagram, the ability to force a particular route, and time stamping.
The next field is a 6-bit field labeled diffserv, for differentiated service. The 6 bits contain a so-called diffserv codepoint (DSCP) value, which tells a router how to handle the packet. Special treatment may include expedited forwarding or extra protection from loss. Most values for this field are not defined in IP but rather are used by different networks in accordance with each network's policies. This field is an important enhancement to IP to bring it closer to parity with the QoS capabilities of ATM or similar protocols. It allows datagrams to be given higher priority if the datagram is something, such as voice, that needs to get through a network quickly. (Note, however, that just because ATM has good QoS features does not mean that they are always used.)
The final two bits in this field, ECN, are the explicit congestion notification field, which provides cooperating routers with a way to improve management of congestion on a link. When a router handling the packet notices that a link is getting congested, it sets these two bits to 11 before forwarding the packet on the congested link. When the packet is ultimately received, the receiving host sees that one of the routes the packet took is congested, so it slows down the sender, using methods shown later in the section on Transmission Control Protocol.
The next two bytes are the payload length, which defines the length of the datagram, not counting the header. IP datagrams can be quite long, though they may well have to be segmented into several packets or cells (depending on the protocol on which it is carried) on any particular transport segment. For example, if the datagram is being carried on Ethernet, as shown in Figure 5.14, the maximum amount of data in the Ethernet frame is 1500 bytes (this includes the IP header and the datagram). If the datagram goes through an ATM network, it will have to be segmented into cells no longer than 48 bytes, as described earlier. If the datagram is too long to fit, it will have to be segmented into several packets. The fragment identifier field is added at the sender, to be used to uniquely identify the packet to which a fragment belongs so that the fragments can be reassembled at the destination. This field is set to a value even if the sender is not fragmenting the packet, because it is possible that a later network will have to fragment it.
The next three bits are flags that instruct routers on segmentation. The first bit is always 0. The next bit, DF, indicates that the packet may not be fragmented. If a router encounters a datagram that is too long and the DF bit is set, then the router has no recourse but to discard the packet. The next bit, MF, indicates that more fragments follow. It is set except on the last segment of a fragmented datagram. Finally, the fragment offset field specifies how far into the datagram the fragment is so that the fragments can be reassembled as one datagram by the time they reach their destination (if not before). It is quite possible that the segments will arrive out of order, so segments received before predecessor segments will have to be held until all segments are received.
The next field is the hop limit. (This was originally called the time to live (TTL) field). The sender sets this field to some value; every time the datagram passes through a router, the field is decremented by 1. If the value reaches 0, the packet is discarded. The hop limit protects the Internet against an undeliverable packet, which would otherwise hop around a network forever if it could not be delivered. This can happen if a routing loop is created; that is, an error in a routing table sends a packet back to the previous router that handled it, which sends it to the router with the errored routing table, which sends it back, etc. If nothing caused the packet to be discarded, it could bounce around forever in the Internet, tying up resources needed by packets that can be delivered.
Next is the next header field, also called the protocol field. This indicates the next higher header, which may be a layer 4 header or may be intimately related to IP. We shall discuss some of these protocols later. Finally, the header checksum provides protection against corruption of the header. Each router that handles the datagram computes the checksum by doing a 16-bit addition of the header, discarding carries. The receiving router does the same computation; if the two disagree, it means that an error was made in the header, so the entire packet is discarded.
Finally, the IP header includes the source and destination IP addresses. These don't change as the datagram traverses the network. Each router handling the packet reads the destination address to know where to send the packet (controlled by a massive and continuously changing routing table in the router) and reads the source address to update its routing table for that address.
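The header fields walked through above can be exercised with the added Python example below, which is not from the book. It builds a 20-byte IPv4 header with constructed (documentation-range) addresses, parses a header back into the fields named in the text, verifies the checksum, and performs the per-router step described: check the header checksum, decrement the hop limit, discard at zero, otherwise rewrite TTL and checksum. The checksum routine is the RFC 791 one's-complement sum (carries are folded back in before complementing), which is the standard computation for this field.

```python
import ipaddress
import struct

HEADER_FMT = "!BBHHHBBH4s4s"   # 20-byte header without options


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words with
    end-around carry, then complemented. Header length is a multiple of 4,
    so it is always an even number of bytes."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(src, dst, payload_len, *, dscp=0, ecn=0, ident=0,
                 df=False, mf=False, frag_offset=0, ttl=64, proto=17):
    """Pack the fields in the order the text lists them. frag_offset is in
    8-byte units, as carried on the wire."""
    version_ihl = (4 << 4) | 5                 # IPv4, hlen = 5 words
    tos = (dscp << 2) | ecn                    # 6 DSCP bits, 2 ECN bits
    flags = (int(df) << 1) | int(mf)           # reserved first bit is always 0
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    hdr = struct.pack(HEADER_FMT, version_ihl, tos, 20 + payload_len, ident,
                      flags_frag, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    # The checksum is computed with its own field zeroed, then written at offset 10.
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_header(packet: bytes) -> dict:
    """Decode the fixed header; raises ValueError on anything malformed."""
    if len(packet) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (version_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum) = struct.unpack("!BBHHHBBH", packet[:12])
    version, ihl = version_ihl >> 4, (version_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or ihl > len(packet):
        raise ValueError(f"bad header length {ihl}")
    if total_len < ihl:
        raise ValueError("total length smaller than header length")
    header = packet[:ihl]
    return {
        "header_len": ihl,
        "dscp": tos >> 2,
        "ecn": tos & 0x3,
        "total_length": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # in bytes
        "ttl": ttl,
        "protocol": proto,
        # Summing a header that already carries a correct checksum yields 0.
        "checksum_ok": ip_checksum(header) == 0,
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
    }


def router_hop(packet: bytes):
    """One router's handling as the text describes it: discard on a bad header
    checksum, decrement the hop limit, discard when it reaches 0, otherwise
    rewrite the TTL and checksum and pass the datagram on."""
    info = parse_header(packet)
    if not info["checksum_ok"] or info["ttl"] <= 1:
        return None
    ihl = info["header_len"]
    hdr = bytearray(packet[:ihl])
    hdr[8] -= 1                                 # TTL byte
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


# Constructed sample: documentation addresses, DSCP 46, DF set, TTL 3, UDP.
SAMPLE = build_header("192.0.2.1", "198.51.100.7", 8, dscp=46, df=True,
                      ident=0x1234, ttl=3, proto=17) + b"payload!"


if __name__ == "__main__":
    print(parse_header(SAMPLE))
    hop = SAMPLE
    while hop is not None:
        print("ttl:", parse_header(hop)["ttl"])
        hop = router_hop(hop)
```

Because the checksum covers only the header, the per-hop rewrite is cheap, but it also means a corrupted payload is not detected at this layer; that is left to the transport protocol.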
Types of IP Addresses
There are three types of IP addresses: unicast, multicast, and broadcast. Unicast addresses are the most straightforward. They are assigned to identify a single interface (for most practical purposes this equates to a single host, though there is a difference). A unicast message is intended for one and only one interface. Multicast addresses identify a set of interfaces. This allows a message to be generated once and sent to a number of interfaces. A router with receiving hosts attached to two or more ports will replicate the packets on each port. Multicast addressing is useful for video conferencing, in which the same signal is to be sent to several participants. Similarly, it is used in IP distribution of video (IPTV). If one router needs to pass messages to several other routers, it can do so using multicast addresses. Broadcast addresses are a special case of multicast addresses. They identify all interfaces on a network. The use of broadcast addresses is discouraged.
Internet Control Message Protocol (ICMP)
Internet Control Message Protocol (ICMP) is a layer 3 (network) protocol, but it sends its messages inside IP datagrams. The next header field (see Figure 5.14) identifies ICMP. ICMP coordinates many aspects of the operation of a network, including reporting errors (unreachable destinations, expired hop limits), providing diagnostic support (the echo request and reply used by ping and traceroute), and, in ICMPv6, the address and neighbor discovery functions described below.
Router discovery is one important function it performs. This allows hosts (any device on a network) to discover what routers are connected to the network. Periodically, routers send router advertisement messages to all systems on the network. The router advertisement message includes the address of every router known to the sending router and a relative preference value. When possible, all hosts should select the router with the highest preference value. The message also includes a lifetime field. If a host doesn't hear from a router within that lifetime (typically 30 minutes), it must assume that the router is no longer available. The router advertisement messages are sent more frequently than this.
Just knowing the addresses of all routers on a network does not ensure that a host will direct a message to the router that is the best path to the destination. It selects a router to which to send the message. If it selects the wrong router, that router redirects the message to the correct router and also sends an ICMP redirect message to the host, saying, in essence, “Next time you want to send a message to this host, send it to this other router, not to me.”
Internet Group Management Protocol (IGMP)
Like ICMP, Internet Group Management Protocol (IGMP) is a protocol in its own right, but it is an integral part of any IPv4 implementation (IPv6 uses Multicast Listener Discovery, carried in ICMPv6, for the same purpose). Hosts use IGMP to announce (and later renounce) their membership in groups. Routers listen to these messages to track group membership. They then know how to forward datagrams addressed to groups.
Dynamic Host Configuration Protocol (DHCP)
Every host on a network, that is, every computer attached to it, needs an IP address. These may be taken from the public IP address space or, since IPv4 has a limited address space, most machines that have no need for a public address are given private IP addresses (from the ranges reserved for that purpose) that are meaningful only within the network to which the host is attached. This allows the same private addresses to be reused in many networks and simplifies the management of the network. IP addresses may be assigned manually to hosts, or they may be assigned automatically. Automatic assignment is usually preferable when possible.
The protocol used to assign IP addresses is the Dynamic Host Configuration Protocol (DHCP). When a host, such as your PC, comes up on a network, it asks for an IP address if it has not been assigned a permanent one. The host broadcasts a DHCPDISCOVER packet. Connected somewhere to the network is at least one DHCP server, whose job it is to assign IP addresses to hosts. When a DHCP server receives a DHCPDISCOVER packet, it returns a DHCPOFFER packet containing an IP address and other information (typically the subnet mask, default gateway and DNS servers). It is possible for more than one DHCP server to be resident on a network, in which case the host receives more than one offer. It selects one and sends a DHCPREQUEST message naming that server. Assuming the offer is still valid (for example, the IP address has not been assigned to another host in the meantime), the DHCP server returns a DHCPACK (DHCP acknowledgment) message.
Once the host receives the DHCPACK message, that IP address belongs to it for the duration of the lease, that is, the time for which the DHCP server has said that the address is valid. Before the lease expires (by default once half of it has elapsed), the host asks the same server to renew it with another DHCPREQUEST; only if the renewal fails does it start the discovery process again. The lease allows an IP address to be placed back in the pool of available addresses if the host goes away for any reason, such as a power-down. Note that nothing in this exchange authenticates the server: any host on the segment that answers a DHCPDISCOVER can hand out addresses, default gateways and DNS servers of its choosing.
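The exchange above, carried out on real DHCP message bytes, as an added example that is not part of the original text. It builds and parses the BOOTP fixed part plus the DHCP options, runs DISCOVER, OFFER, REQUEST and ACK between a client and a server, and finishes with the check a network operator would actually want: flagging OFFER or ACK messages whose Server Identifier (option 54) is not an authorized server, the footprint of a second, rogue DHCP server answering discoveries. The client MAC, transaction id, server addresses and lease pool are constructed for the example; the detection function is the author's addition, not something the page describes.

```python
# Added example (not from the page): the DHCPDISCOVER/OFFER/REQUEST/ACK exchange as
# real DHCP messages, plus a check for offers from servers that should not exist.
# The MAC, transaction id and addresses used below are constructed.
import socket
import struct

FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # BOOTP fixed part, 236 bytes
MAGIC = b"\x63\x82\x53\x63"                # marks the start of the DHCP options
BOOTREQUEST, BOOTREPLY = 1, 2
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_CLIENT_ID = 50, 51, 53, 54, 61
ZERO = socket.inet_aton("0.0.0.0")


def build(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Assemble a DHCP message; options is a sequence of (code, value bytes)."""
    fixed = struct.pack(FIXED_FMT, op, 1, len(chaddr), 0, xid, 0, 0,
                        ZERO, socket.inet_aton(yiaddr), ZERO, ZERO, chaddr, b"", b"")
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC + opts + b"\xff"   # 255 = end of options


def parse(msg):
    """Decode the fields the exchange depends on; raises on malformed input."""
    if len(msg) < 240 or msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    f = struct.unpack(FIXED_FMT, msg[:236])
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 255:
        if msg[i] == 0:            # pad byte
            i += 1
            continue
        if i + 1 >= len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option")
        opts[msg[i]] = msg[i + 2:i + 2 + msg[i + 1]]
        i += 2 + msg[i + 1]
    return {"op": f[0], "xid": f[4], "chaddr": f[11][:f[2]],
            "yiaddr": socket.inet_ntoa(f[8]),
            "type": MSG_TYPES.get(opts.get(OPT_MSG_TYPE, b"\x00")[0]),
            "server_id": socket.inet_ntoa(opts[OPT_SERVER_ID]) if OPT_SERVER_ID in opts else None,
            "options": opts}


def discover(xid, mac):
    return build(BOOTREQUEST, xid, mac, options=[(OPT_MSG_TYPE, b"\x01"), (OPT_CLIENT_ID, b"\x01" + mac)])


def offer(disc, server_ip, lease_ip, lease_secs=3600):
    d = parse(disc)
    return build(BOOTREPLY, d["xid"], d["chaddr"], yiaddr=lease_ip, options=[
        (OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, socket.inet_aton(server_ip)),
        (OPT_LEASE_TIME, struct.pack("!I", lease_secs))])


def request(off):
    """The client picks one offer and names that server in option 54."""
    o = parse(off)
    return build(BOOTREQUEST, o["xid"], o["chaddr"], options=[
        (OPT_MSG_TYPE, b"\x03"), (OPT_SERVER_ID, o["options"][OPT_SERVER_ID]),
        (OPT_REQUESTED_IP, socket.inet_aton(o["yiaddr"]))])


def ack(req, server_ip, lease_secs=3600):
    """A server answers only requests that selected it; the others stay silent."""
    r = parse(req)
    if r["server_id"] != server_ip:
        return None
    return build(BOOTREPLY, r["xid"], r["chaddr"], yiaddr=socket.inet_ntoa(r["options"][OPT_REQUESTED_IP]),
                 options=[(OPT_MSG_TYPE, b"\x05"), (OPT_SERVER_ID, socket.inet_aton(server_ip)),
                          (OPT_LEASE_TIME, struct.pack("!I", lease_secs))])


def unauthorized_offers(msgs, authorized):
    """Rogue-server check (added here, not from the page): OFFER/ACK messages whose
    Server Identifier is not one of the servers that are supposed to exist."""
    return [(m["xid"], m["server_id"]) for m in map(parse, msgs)
            if m["type"] in ("OFFER", "ACK") and m["server_id"] not in authorized]


if __name__ == "__main__":
    mac = bytes.fromhex("0242ac110002")
    d = discover(0xDEADBEEF, mac)
    legit, rogue = offer(d, "192.0.2.1", "192.0.2.50"), offer(d, "192.0.2.66", "192.0.2.200")
    a = ack(request(legit), "192.0.2.1")
    print(parse(a)["type"], parse(a)["yiaddr"], unauthorized_offers([d, legit, rogue, a], {"192.0.2.1"}))
```

Run against captured UDP port 67/68 payloads, `unauthorized_offers()` is the whole of a minimal rogue-DHCP detector; the allow list of server identifiers is the only configuration it needs.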
Both for high-speed local connectivity over longer distances, and to facilitate remote access and access to cloud services generally, networking protocols have to offer the ability to communicate over IP. Some systems offer gateways for this and some offer it natively, especially the newer wireless systems. Of particular interest in relation to this is how all the services that can be accessed over IP can be brought together in an efficient and meaningful way for the consumer in the domestic environment. It has long been envisaged that the home would contain a hub that was the entry point and manager of these services, and clearly standards are required if such hubs are going to operate easily and reliably.
The Internet Protocol (IP) is the basis for the global Internet. IP provides transportation for upper-layer protocol information from one computer system to one or more destination computer systems. This transportation is not reliable, rather IP provides an unreliable datagram service. If reliability is required, it needs to be provided by upper-layer protocols, such as TCP.
2.1 IP Addressing
Each IP datagram contains a Source Address and a Destination Address. The Destination Address in a given IP datagram is used to route that datagram to its destination(s). IP supports both unicast (i.e. point-to-point) and multicast (i.e. one-to-many) transmissions. Because people find it inconvenient to remember IP addresses, the Internet developed a naming system, the Domain Name System, which can be used by applications to automatically map from easily remembered names (e.g. ftp.ietf.org) to the IP address(es) corresponding with that name. The Domain Name System (DNS) is discussed in a separate section later in this chapter.
The current Internet relies on IP version 4 (IPv4), which has 32-bit addresses [76]. The IETF has specified IPv6, which has 128-bit addresses, as the replacement for IPv4 [26]. The Internet layer includes not only the Internet Protocol itself, but also the Internet Control Message Protocol (ICMP), which provides network control messages essential for proper operation of the global Internet [70].
Unicast applications that require end-to-end reliability use the Transmission Control Protocol (TCP) at the transport-layer [71]. Other applications, including multicast applications, typically use the User Datagram Protocol (UDP) at the transport layer [68]. UDP does not provide reliability, but is capable of working well with IP multicasting.
2.2 Threats and Issues
There are a number of risks at the Internet layer or just below the Internet layer. This section describes some of these threats. Subsequently possible protection mechanisms for those threats will be described. Threats involve not only unicast traffic [10] but also multicast traffic [9].
For example, on LANs the Address Resolution Protocol (ARP) is used to resolve an Internet-layer address into a MAC-layer address (e.g. Ethernet address) [74]. ARP operates using a simple unauthenticated request/response protocol. A node desiring to know the MAC address for a given IP address sends out an ARP request packet. Any device on that LAN segment may send an ARP response providing the answer. Although one typically wishes for the destination host to be the only responder, there is no protection against an adversary on that LAN providing a false response that redirects a victim's traffic to the adversary. Similar attacks are feasible using extensions to ARP such as Inverse ARP, where a host knowing its MAC address seeks to discover its IP address, and Proxy ARP, where a gateway responds on behalf of a node not on that IP subnet [13].
In normal operation, ICMP Redirect messages are used to move traffic from one host or gateway towards another host or gateway. Similarly, an ICMP Unreachable message is normally used to indicate that a particular destination is currently not reachable. However, a forged ICMP Unreachable or ICMP Redirect message can also be used to implement a denial of service attack on a victim, and a forged Redirect can steer a victim's traffic through a gateway of the attacker's choosing. Because ICMP messages are at the Internet layer, an Internet-layer security mechanism can be used to protect ICMP from use as an attack vector. While IPv6 uses a slightly different set of ICMP messages than IPv4, the basic design remains the same [22].
Finally, the ICMP Router Discovery system has issues similar to those with ARP [25]. In ICMP Router Discovery, a host seeking its gateway sends out an ICMP Router Solicit message. Normally, each gateway on that IP subnet will then send an ICMP Router Advertisement message. The initial host then configures a gateway based on the Router Advertisements that it receives. If an adversary were to forge an ICMP Router Advertisement message, the initial host could be fooled into sending its outbound traffic to the adversary instead of to its legitimate gateway. This could be used to eavesdrop on victim traffic or to implement a denial-of-service attack. A crucial difference between the ARP attack and this attack is that ICMP could be protected if cryptographic authentication were available at the Internet layer, whereas ARP cannot be protected via Internet-layer security mechanisms.
As the IETF worked to design IP version 6 (IPv6), consideration was given to designing a protocol that would be easier to secure from these kinds of attacks. For example, ARP was dropped completely for IPv6. Instead, IPv6 uses a system known as Neighbor Discovery (ND) when hosts need to discover each other's MAC addresses [65]. ND includes an IPv6 version of Router Discovery, thus eliminating any need for ARP or its relatives. Because ND is based on ICMP messages, ND can be fully protected via Internet-layer authentication mechanisms. In practice, however, ND runs unauthenticated on most networks, so forged Neighbor Advertisements and Router Advertisements are as feasible as ARP spoofing, and most of the issues that affect IPv4 also affect IPv6.
Many organizations operating IP-based networks use packet filters at their administrative boundaries to reduce the risk of break-ins from outside their network. These packet filters are sometimes referred to as firewalls, even if a full-blown firewall might not be in use. Alternatively, many hosts now employ address-centric access control lists to reduce the risk of intrusions [86]. Such packet filters commonly use the Source IP Address, Destination IP Address, upper-layer protocol (e.g. TCP, UDP, or ICMP), Source Port, and Destination Port information to make policy decisions. All of these items are present in either the IP header or in the upper-layer protocol (e.g. UDP or TCP) header. However, it is not difficult to forge an IP packet. In the absence of per-packet cryptographic authentication, an adversary can often get past a packet filtering firewall using forged IP packets, for instance by claiming a source address from the inside of the network. Ingress filtering at the border (rejecting packets that arrive from outside carrying an inside source address, and vice versa) defeats this simplest forgery, but not forgeries mounted from within the filtered network. If per-packet cryptographic authentication were used, this kind of attack would not be possible. Moreover, cryptographic security mechanisms at the IP layer could be used to protect upper-layer protocols and applications without changing the upper-layer technology.
In addition, there are a variety of attacks on upper-layer protocols (e.g. TCP) that can be precluded by the use of cryptographic authentication at the IP layer. These include TCP SYN flooding [20], TCP Sequence Number prediction [62], and others [10]. UDP Port Flooding attacks and forged ICMP Redirect attacks can also be defended against using cryptographic authentication at the IP layer [19, 58]. A non-cryptographic approach to precluding TCP Sequence Number prediction has been identified [11].
IP sits between several other protocol layers. It does not itself detect lost packets or retransmit them; that is left to transport protocols such as TCP that run above it. It provides the connectivity, routing, and transport services that microgrid applications require. However, it adds a layer to the protocol definition and consequently increases the data processing time. IP can be used for non-real-time applications.
The general procedures of the IP working principles (Fig. 10.2):
Figure 10.2. The block diagram of the IP network-based application.
Step 1: data are broken into packets.
Step 2: as per IP protocols, the packets travel from router to router.
Step 3: the packets are reassembled into the original whole.
Ethernet defines how devices can be physically connected. But users do not know the Ethernet addresses of the devices providing the services they wish to use. More intelligence is needed to separate out the physical addressing, replacing it with logical addressing that an administrator can decide on, and allow multiple physical networks to be connected. The Internet Protocol (IP) defines how this addressing and packet formatting is to occur.
IP was originally specified in RFC 791 and expanded upon later, and comes in two versions: version 4 (IPv4) and version 6 (IPv6). The two main concepts for IP are the IP address and the IP packet (datagram).
4.1.1.2.1 IPv4
IPv4 is the version used most often on the Internet today, by a wide margin. IPv4 uses a four-byte address written out as dotted decimal numbers, such as 192.168.0.1. Blocks of these addresses are allocated by IANA and the regional Internet registries to large organizations and to Internet service providers; most organizations obtain their individual addresses or small ranges from their Internet service provider. Ranges of addresses tend to be specified using the slash notation. For example, 192.168.0.0/16 means that the upper 16 bits are what was written, and the rest are within the range defined by allowing the remaining lower bits to be set to any value.
Of the 32-bit address space, some of the addresses have special meanings. The 127.0.0.0/8 range is for loopback networking; a packet with such a destination is kept inside the machine that is doing the sending. This allows an IP device to send packets to itself. The 169.254.0.0/16 range is for link-local addresses, meaning that their use cannot extend past the Ethernet switching network they are used on. In addition, 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are all private addresses. These are the addresses most commonly used in voice mobility networks within the enterprise. They are not valid on the public Internet itself, but are designed for private networks based on IP. The 224.0.0.0/4 network is used for multicast traffic: each address is a different multicast group. Finally, the 255.255.255.255 address is the limited broadcast address, meant to go out to all devices on the Ethernet switching network (and using the FF:FF:FF:FF:FF:FF Ethernet broadcast address for the underlying frame); routers never forward it.
IPv4 runs on Ethernet by setting the Ethernet type to 0x0800. The IP packet has a header and payload, as shown in Table 4.3.
Table 4.3: IPv4 Packet Format

Field                    Size
Version/Header Length    1 byte
TOS/DSCP                 1 byte
Total Length             2 bytes
Identification           2 bytes
Fragment                 2 bytes
TTL                      1 byte
Protocol                 1 byte
Header Checksum          2 bytes
Source                   4 bytes
Destination              4 bytes
Options                  variable
Data                     n bytes
The Version/Header Length field is specified in Table 4.4. For IPv4, the version is always 4. The header length gives the length of the header (up to the data field) in four-byte units, so the minimum 20-byte header is encoded as 5 and the maximum, with options, as 15 (60 bytes). The Type of Service/Diffserv Code Point (TOS/DSCP) field is used to specify the quality-of-service properties of the packet. The Total Length measures the entire length of the packet, header included, and comes into play with fragmentation. The Identification field ties together the fragments of one original packet; between separate packets, most devices simply increment it by one, although this is not required. The Fragment field holds the Don't Fragment and More Fragments flag bits and the offset of this fragment within the original packet, counted in eight-byte units. The TTL (Time To Live) field is used for forwarding, and specifies how many more times this packet can be forwarded before it is dropped. The Protocol field specifies which higher-layer protocol is carried on top of IP in this packet (6 for TCP, 17 for UDP, 1 for ICMP). The Header Checksum is the one's complement of the one's complement 16-bit sum of the header; it covers the header only, not the data, and is used to detect a bit flipped by mistake. The Ethernet CRC already protects the frame on the wire, so in practice the checksum catches corruption inside a router, between the frame being checked and being sent on again; that is why it is always set and always checked even though it seldom fails. Finally, to the interesting information. The Source and Destination fields hold the IP addresses of the originator and final destination of this packet. The header ends here, followed by any options and then by the next protocol's headers or data. This entire set of bytes is the payload of the underlying Ethernet frame.
Table 4.4: The Version/Header Length Field

Bit:    0–3        4–7
        Version    Header Length
IP is designed to be relayed, or forwarded, between computers, across different network segments, and across the world if needed. This is the major distinction for IP, as it has allowed the Internet to be constructed from an assembly of smaller networks. The idea is that any IP-connected device that has multiple links can forward messages if configured to do so. Each link has its own IP address, as required. When a packet comes in for an IP address that is not that of the machine (how that happens will be mentioned in a moment), the device looks up a routing table to find the next machine that this packet needs to go to. IP forwarding works on the concept of longest-prefix matching. Because there are too many IP addresses for a machine to know about individually, and because the IP address space tends to be organized in ranges, the forwarding device (a router in this context) consults a series of routing rules that it has configured. Each routing rule is set up as a network prefix (as specifiable by slash notation) and the IP address of a machine that is on one of the links the router has. This address is the next hop. Because a destination address might match more than one rule, the one rule that matches the most leading bits, the longest prefix, wins, and that next hop is used.
This concept of next hops explains why a router or machine may get a packet for a different destination IP address than it uses for itself. If another machine is set up to forward packets to it (and any machine can be set up to forward to any other, without restriction, so long as both are on the same switching network), then the first machine will get packets for other devices.

The concept of prefix routing makes sense when you think of most enterprise routers. Enterprises, all but the largest, usually have a limited number of address ranges that are used locally. All of the rest, every other address, is out on the Internet. Connecting the enterprise to the Internet is one Internet router. The enterprise routers thus need only to have forwarding rules for the address ranges that they have in the enterprise, plus one route, called a default route, that gives the IP address of the Internet router. This default route uses the 0.0.0.0/0 prefix, meaning that every address matches, because the prefix is trivially short. Longest-prefix matching therefore selects the default route only when no more specific rule matches. Non-routers will normally have only this default route, because they do not forward other devices' traffic. In this way, locally generated traffic is forwarded, even when other traffic will not be.

The final bit of information to know is that not all traffic is forwarded on to next hops. Each link into the system has not only an IP address but a subnet mask, or a prefix that specifies what other IP addresses are directly on that link. For example, using the same slash notation, 192.168.10.20/24 states that the IP address of the link is 192.168.10.20, and that all IP addresses starting with 192.168.10 are directly on the link and do not need to be routed to a next hop. Those direct-link addresses belong to the same subnet. Every time the packet is forwarded, the TTL is reduced by one. Once it hits zero, the packet is dropped rather than forwarded.
Nothing else is modified while the packet is forwarded—the source and destination addresses are always those of the originator and the final destination of the packet.
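The forwarding behaviour described above, as an added example that is not part of the original text: a routing table with connected routes, a default route and longest-prefix matching, and a forwarding decision that decrements the TTL and leaves the addresses alone. It also adds one thing the page only motivates (in the packet-filter discussion, a forged inside source address gets past an address-based filter): before forwarding, the router looks up the packet's source address and drops the packet if it did not arrive on the interface the table would use to reach that source. That reverse-path check is a technique beyond the page (the RFC 2827/3704 ingress-filtering idea), and the interface names, prefixes and next hops are constructed for the example.

```python
# Added example (not from the page): a forwarding table with longest-prefix
# matching and a default route, plus the ingress source check that turns a
# forged inside source address into a dropped packet. The reverse-path check is
# an addition beyond the page (RFC 2827/3704 style); interfaces, prefixes and
# next hops are constructed for the example.
import ipaddress


class Router:
    def __init__(self, interfaces):
        # interfaces: {name: "address/prefix"} for each link; the subnet of each
        # link becomes a connected route with no next hop (deliver directly)
        self.ifaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
        self.routes = []   # (network, next_hop or None, outgoing interface)
        for name, iface in self.ifaces.items():
            self.add_route(str(iface.network), None, name)

    def add_route(self, prefix, next_hop, iface):
        nh = ipaddress.ip_address(next_hop) if next_hop else None
        self.routes.append((ipaddress.ip_network(prefix), nh, iface))

    def lookup(self, addr):
        """Longest-prefix match. 0.0.0.0/0 matches every address, so it is chosen
        only when no more specific route exists."""
        addr = ipaddress.ip_address(addr)
        matches = [r for r in self.routes if addr in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None

    def forward(self, src, dst, ttl, in_iface):
        """Decide what to do with a packet. Returns (out_iface, next_hop, new_ttl)
        for a forwarded packet, ("local", None, ttl) for one addressed to the
        router itself, or (None, reason, ttl) for a drop."""
        if any(ipaddress.ip_address(dst) == i.ip for i in self.ifaces.values()):
            return ("local", None, ttl)
        back = self.lookup(src)   # on which interface would a reply to src leave?
        if back is None or back[2] != in_iface:
            return (None, "spoofed source", ttl)   # src cannot legitimately arrive here
        if ttl <= 1:
            return (None, "ttl expired", ttl)
        route = self.lookup(dst)
        if route is None:
            return (None, "no route", ttl)
        _net, next_hop, out = route
        # connected subnet: the destination itself is the next hop (ARP for it)
        return (out, str(next_hop) if next_hop else dst, ttl - 1)


def example_router():
    """A small enterprise router: two inside links, one Internet link."""
    r = Router({"lan": "192.168.10.1/24", "dmz": "192.168.20.1/24", "wan": "203.0.113.2/30"})
    r.add_route("0.0.0.0/0", "203.0.113.1", "wan")        # everything else: the Internet
    r.add_route("10.0.0.0/8", "192.168.20.254", "dmz")    # corporate ranges behind a DMZ router
    r.add_route("10.1.0.0/16", "192.168.10.254", "lan")   # more specific: wins over the /8
    return r


if __name__ == "__main__":
    r = example_router()
    print(r.forward("192.168.10.20", "8.8.8.8", 64, "lan"))       # out the default route
    print(r.forward("192.168.10.20", "8.8.8.8", 64, "wan"))       # inside address from outside
```

The two `print` lines show the pair that matters for the packet-filter discussion: the same source address is forwarded when it arrives on the LAN and dropped as spoofed when it arrives from the Internet.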
Because IP runs on top of Ethernet, there must be a way to map IP addresses to Ethernet addresses. Every IP address has an Ethernet address, that of the Ethernet device the IP address was assigned to. When a sender needs to send out an IP packet, and it has used its forwarding logic to figure out which link the next hop or final destination is on, the sender needs to use a resolution protocol to ask the devices on the network which one has the IP address it needs. The protocol is called the Address Resolution Protocol (ARP). ARP runs on a different Ethernet protocol type, 0x0806. The idea is that each sender maintains an ARP cache. This cache stores the Ethernet address that is known for a given IP address. The cache is filled and refreshed from the ARP messages a host receives (requests addressed to it and the replies to its own requests, and, in many implementations, any ARP message it sees for an address on its subnet); the sender Ethernet address in such a message is simply taken to be bound to the sender IP address, with nothing to verify the claim. If the cache does not have an address mapping that is needed, the sender sends an ARP request to the network. These ARP requests are broadcast using Ethernet, and any device that receives the ARP request and has that IP address is required to respond, unicast to the ARP sender, acknowledging the binding with another ARP message. The format of an ARP message is shown in Table 4.5.
Table 4.5: ARP Message Format

Field              Size
Hardware Type      2 bytes
Protocol Type      2 bytes
Hardware Size      1 byte
Protocol Size      1 byte
Opcode             2 bytes
Sender Ethernet    6 bytes
Sender IP          4 bytes
Target Ethernet    6 bytes
Target IP          4 bytes
For Ethernet networks, the Hardware Type is always 1, and the Protocol Type is always 0x0800 (the same value that identifies IPv4 in the Ethernet type field). The Hardware Size is the length of the Ethernet address, 6. The Protocol Size is the length of the IP address, 4. There are two opcodes: 1 is for a request, and 2 is for a reply. Finally, the addresses state the mapping that is requested or being answered for. When a machine wants to find out which other device has an IP address, it sends its own Ethernet and IP addresses as Sender, and the IP address it is looking for as Target, with the Target Ethernet set to 0. The respondent fills in its Ethernet and IP address as Sender, the original requester's Ethernet and IP as Target, and sends the response back.
With ARP, the binding of IP addresses to Ethernet addresses can be dynamic and changing. Because nothing in the protocol authenticates a message, it can also be changed by any host on the segment that chooses to answer for an address it does not own.
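The ARP message of Table 4.5 and the request/reply exchange, together with the spoofing concern raised in the threats discussion earlier on this page, as one added example that is not part of the original text. The code builds and parses Ethernet/IPv4 ARP messages (28 bytes, with a two-byte opcode), produces a request and the matching reply, and then runs a passive watcher of the kind a network monitor uses: it records the IP-to-MAC bindings it sees and reports a reply nobody asked for and a known address suddenly claimed by a different MAC. The watcher is the author's addition (detection only; ARP gives a host no way to reject the false binding), and all MAC and IP addresses are constructed.

```python
# Added example (not from the page): Ethernet/IPv4 ARP messages as laid out in
# Table 4.5, a request/reply pair, and a passive watcher that reports the
# unauthenticated rebinding an ARP spoofer relies on. All addresses are constructed.
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # 28 bytes; the opcode is a two-byte field
HW_ETHERNET, PROTO_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def bytes_to_mac(b):
    return ":".join("%02x" % x for x in b)


def ip_to_bytes(s):
    return bytes(int(x) for x in s.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, HW_ETHERNET, PROTO_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def parse_arp(msg):
    hw, proto, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, msg[:28])
    if (hw, proto, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": op, "sender_mac": bytes_to_mac(smac), "sender_ip": bytes_to_ip(sip),
            "target_mac": bytes_to_mac(tmac), "target_ip": bytes_to_ip(tip)}


def request(my_mac, my_ip, wanted_ip):
    """Who has wanted_ip? Sent to the Ethernet broadcast address; target MAC is zero."""
    return build_arp(OP_REQUEST, my_mac, my_ip, ZERO_MAC, wanted_ip)


def reply(req, my_mac):
    """The owner of the requested IP answers unicast, swapping sender and target."""
    r = parse_arp(req)
    return build_arp(OP_REPLY, my_mac, r["target_ip"], r["sender_mac"], r["sender_ip"])


class ArpWatch:
    """Learn IP -> MAC bindings from ARP traffic seen on the segment and flag
    (a) a reply nobody asked for and (b) a known IP claimed by a different MAC.
    Detection only: nothing in ARP lets a host reject the false binding."""

    def __init__(self):
        self.table = {}       # ip -> mac, as a host's ARP cache would see it
        self.pending = set()  # (asker_ip, wanted_ip) for outstanding requests
        self.alerts = []

    def observe(self, msg):
        a = parse_arp(msg)
        if a["op"] == OP_REQUEST:
            self.pending.add((a["sender_ip"], a["target_ip"]))
        elif a["op"] == OP_REPLY:
            key = (a["target_ip"], a["sender_ip"])
            if key in self.pending:
                self.pending.discard(key)
            else:   # gratuitous ARP is legitimate, but it is also how poisoning is done
                self.alerts.append(("unsolicited reply", a["sender_ip"], a["sender_mac"]))
        old = self.table.get(a["sender_ip"])
        if old is not None and old != a["sender_mac"]:
            self.alerts.append(("binding changed", a["sender_ip"], old + " -> " + a["sender_mac"]))
        self.table[a["sender_ip"]] = a["sender_mac"]
        return a


if __name__ == "__main__":
    w = ArpWatch()
    req = request("02:00:00:00:00:01", "192.168.10.20", "192.168.10.1")
    w.observe(req)
    w.observe(reply(req, "02:00:00:00:00:fe"))                    # the real gateway answers
    w.observe(build_arp(OP_REPLY, "02:00:00:00:00:66", "192.168.10.1",
                        "02:00:00:00:00:01", "192.168.10.20"))    # an attacker answers too
    print(w.alerts, w.table["192.168.10.1"])
```

The last line of the usage shows the victim's cache after the attack: it now holds the attacker's MAC for the gateway address, and the only evidence is the two alerts the watcher raised.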
Earlier, the concept of fragmentation was alluded to. IP provides a service that lets a packet be split across a number of smaller packets. The reason for this is that IP is meant to be carried over a wide variety of link-layer technologies, not just Ethernet, and those technologies may have different maximum payload sizes. To make sure that a packet of a valid length sent in one network can arrive safely at the other, the concept of fragmentation was introduced. The router or sender that has a packet which is too large, and which does not have the Don't Fragment bit in its Fragment field set, divides the packet into two or more smaller ones, each with a copy of the original IP header. The data fields are the individual segments, with the offset of the first byte of each segment from the start of the original (or reassembled) packet being given in the Fragment field, in units of eight bytes, so every fragment but the last carries a multiple of eight data bytes. The fragments are sent over the network, and the receiver is required to reassemble all of the fragments before passing the packet up to the higher layers. The receiver knows that it has reached the end of the fragment chain by looking at the More Fragments bit in the Fragment field. The last fragment will not have that bit set. All fragments of an original packet share that packet's original Identification field. The maximum size of an IP packet, including all headers, is 65,535 bytes. Because reassembly happens only at the destination, a packet filter on the path sees the transport header in the first fragment alone, which is why filters treat fragments with suspicion.
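The IPv4 header handling described in this section and in the hop-limit and checksum discussion earlier on the page, as one added example that is not part of the original text: building a header with a correct checksum, verifying it, the per-hop work of a router (check, decrement TTL, recompute), and fragmenting a datagram for a smaller MTU and reassembling it by Identification. The reassembly refuses gaps and overlapping fragments outright; that strictness is the author's hardening choice, not something the page describes, and the addresses and payload are constructed.

```python
# Added example (not from the page): build, verify and forward IPv4 headers, then
# fragment and reassemble a datagram. Addresses and payload below are constructed.
import socket
import struct

HDR_FMT = "!BBHHHBBH4s4s"   # the 20-byte fixed IPv4 header, no options


def checksum(data):
    """RFC 1071 Internet checksum: one's complement of the one's complement sum of
    16-bit words. Carries are folded back into the sum, not discarded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, proto, payload_len, ident, ttl=64, flags=0, offset=0):
    """flags: 0x2 = Don't Fragment, 0x1 = More Fragments; offset in 8-byte units."""
    hdr = struct.pack(HDR_FMT, 0x45, 0, 20 + payload_len, ident,
                      (flags << 13) | offset, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    # the checksum is computed with the checksum field itself set to zero
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_header(pkt):
    v_ihl, _tos, total, ident, frag, ttl, proto, _csum, src, dst = struct.unpack(HDR_FMT, pkt[:20])
    ihl = (v_ihl & 0x0F) * 4
    return {"version": v_ihl >> 4, "ihl": ihl, "total_length": total, "id": ident,
            "df": bool(frag & 0x4000), "mf": bool(frag & 0x2000),
            "offset": (frag & 0x1FFF) * 8,          # the field counts 8-byte units
            "ttl": ttl, "protocol": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            # summing a header that includes its own checksum gives 0 when intact
            "checksum_ok": checksum(pkt[:ihl]) == 0}


def forward(pkt):
    """A router's per-hop work: verify the checksum, decrement TTL, drop at zero
    (an ICMP Time Exceeded would go back to the source), recompute the checksum.
    Source and destination addresses are left untouched."""
    h = parse_header(pkt)
    if not h["checksum_ok"] or h["ttl"] <= 1:
        return None
    hdr = bytearray(pkt[:h["ihl"]])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + pkt[h["ihl"]:]


def fragment(pkt, mtu):
    """Split a datagram for a link with the given MTU: each fragment gets a copy of
    the header with its own offset, and MF set on all but the last."""
    h = parse_header(pkt)
    ihl, payload = h["ihl"], pkt[h["ihl"]:h["total_length"]]
    if ihl + len(payload) <= mtu:
        return [pkt]
    if h["df"]:
        return []   # DF set: drop (a router sends ICMP Fragmentation Needed instead)
    step = (mtu - ihl) // 8 * 8   # every fragment but the last is a multiple of 8 bytes
    frags = []
    for off in range(0, len(payload), step):
        chunk = payload[off:off + step]
        more = h["mf"] or off + step < len(payload)
        frags.append(build_header(h["src"], h["dst"], h["protocol"], len(chunk), h["id"],
                                  h["ttl"], flags=0x1 if more else 0,
                                  offset=(h["offset"] + off) // 8) + chunk)
    return frags


def reassemble(frags):
    """Rebuild the original datagram from fragments sharing one Identification.
    Gaps and overlaps are rejected outright (a hardening choice beyond the page:
    overlapping fragments have been used to slip past packet filters)."""
    parsed = sorted(((parse_header(f), f) for f in frags), key=lambda p: p[0]["offset"])
    if not parsed or len({h["id"] for h, _ in parsed}) != 1:
        raise ValueError("no fragments, or fragments of different datagrams")
    data = b""
    for h, f in parsed:
        if h["offset"] != len(data):
            raise ValueError("gap or overlap at offset %d" % h["offset"])
        data += f[h["ihl"]:h["total_length"]]
    if parsed[-1][0]["mf"]:
        raise ValueError("last fragment missing")
    h = parsed[0][0]
    return build_header(h["src"], h["dst"], h["protocol"], len(data), h["id"], h["ttl"]) + data


def sample_datagram():
    """A 3092-byte UDP datagram (constructed): too big for a 576-byte link."""
    return build_header("192.0.2.1", "198.51.100.7", 17, 3072, 0x1234) + bytes(range(256)) * 12


if __name__ == "__main__":
    frags = fragment(sample_datagram(), 576)
    print(len(frags), "fragments, reassembled ok:", reassemble(frags) == sample_datagram())
```

`forward()` is the whole of what a router does to the header: a corrupted header or an exhausted TTL yields `None` (a drop), everything else comes back with TTL one lower and a checksum that verifies again.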
IP, like most other packet networking technologies, makes no guarantees as to whether a packet will arrive at its destination. Packets may arrive with arbitrary delays, and may even come out of order (although this is to be discouraged). This best-effort delivery guarantee—the network will try, but will not commit resources up front—is key to IP's success. It, unfortunately, also runs counter to the goals of voice.
Clearly, IPv4 is the bread-and-butter protocol for voice mobility. What was presented here was a brief, high-level survey, and readers are encouraged to fill any major gaps in understanding before undertaking major roles in voice mobility networks.
4.1.1.2.2 IPv6
IPv6, specified in RFC 2460 (since superseded by RFC 8200), was created to address a few design issues with the previous IPv4. The major issue to be addressed is the limited number of IPv4 addresses. As the Internet grew, many devices that were not originally expected to have networking support were given it, and IP addresses were allocated in large chunks to organizations, whereas many of the later addresses in the chunks went unused, being reserved for future growth. The people behind IPv6 decided, not without controversy, that more addresses were needed. As a result, they created the most defining feature of IPv6.
Each address in IPv6 is 128 bits. The address fields are split up into very large ranges and subfields, with the understanding that these large fields are to be used to simplify network allocation. IPv6 addresses are written in hexadecimal notation, rather than decimal, and are separated every four digits by colons. For example, one address might be 1080:0:0:0:8:800:200C:407A, where it is understood that leading zeros can be omitted. There is a shortcut, as well, where long ranges of zeros can be written with the double colon, ::. Thus, 1080::8:800:200C:407A specifies the same address as the earlier one.
As with IPv4, there are a few ranges, specified in slash notation, which are set aside for other purposes. The address ::1 is the loopback address, and :: (all zeros) is the unspecified address a host uses before it has one of its own. Addresses in FE80::/10 are link-local addresses. Addresses in FC00::/7 are unique local addresses, the IPv6 counterpart of private addresses (in practice the FD00::/8 half is the one used). The multicast address space is FF00::/8. Finally, for backward compatibility, IPv6 specifies how to embed IPv4 addresses into this space. The original form put the IPv4 address in the low 32 bits with the upper 96 bits zero, so that a machine using 192.168.0.10 could use the IPv6 address ::192.168.0.10 (the dotted decimal notation is allowed for the last 32 bits just for this); these IPv4-compatible addresses have since been deprecated. The form still in use is the IPv4-mapped address, ::FFFF:192.168.0.10: the FFFF in the low 16 bits of the prefix marks the address as that of a node that speaks only IPv4. Dual-stack hosts use these internally, for example to present an IPv4 peer to an IPv6 socket, rather than as destinations on the wire.
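The textual address forms above (hexadecimal groups, omitted leading zeros, the :: shortcut and the embedded dotted-decimal tail) are small enough to implement by hand, and doing so shows where address parsing goes wrong, which matters whenever an address in a log or a configuration is compared with one on the wire. The following is an added example, not part of the original text: a parser from text to 16 bytes, a formatter that applies the RFC 5952 canonical form, and a classifier for the special ranges listed above. The cross-check against Python's ipaddress module and the documentation-prefix addresses used as input are the author's; the formatter keeps the dotted form for IPv4-mapped addresses, as the text above writes them.

```python
# Added example (not from the page): an IPv6 text-form address parser and an RFC 5952
# formatter written by hand, plus classification of the special ranges. The
# same_as_stdlib() cross-check and the example addresses are constructed.
import ipaddress

HEX = set("0123456789abcdefABCDEF")


def _groups(text):
    """'1080:0:0:0:8' -> list of 16-bit ints; a trailing dotted quad becomes two groups."""
    if not text:
        return []
    parts = text.split(":")
    if "." in parts[-1]:
        quad = [int(q) for q in parts.pop().split(".") if q.isdigit()]
        if len(quad) != 4 or max(quad) > 255:
            raise ValueError("bad embedded IPv4 address")
        parts += ["%x" % (quad[0] * 256 + quad[1]), "%x" % (quad[2] * 256 + quad[3])]
    if not all(1 <= len(p) <= 4 and set(p) <= HEX for p in parts):
        raise ValueError("bad hex group")
    return [int(p, 16) for p in parts]


def parse_ipv6(text):
    """Text form -> 16 bytes, or None if the text is not a valid address.
    '::' may appear at most once and must stand for at least one zero group."""
    if text.count("::") > 1:
        return None
    head, sep, tail = text.partition("::")
    try:
        h, t = _groups(head), _groups(tail)
    except ValueError:
        return None
    missing = 8 - len(h) - len(t)
    if (sep and missing < 1) or (not sep and missing != 0):
        return None
    return b"".join(w.to_bytes(2, "big") for w in h + [0] * missing + t)


def format_ipv6(raw):
    """16 bytes -> RFC 5952 text: lower-case hex, no leading zeros, and '::' for the
    longest run of two or more zero groups (the first such run on a tie)."""
    words = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, 16, 2)]
    if words[:5] == [0] * 5 and words[5] == 0xFFFF:   # IPv4-mapped: keep the dotted form
        return "::ffff:" + ".".join(str(b) for b in raw[12:])
    best, cur = (0, -1), (0, -1)   # (length, start) of zero runs
    for i, w in enumerate(words + [1]):   # the sentinel closes a run at the end
        if w == 0:
            cur = (cur[0] + 1, cur[1] if cur[1] >= 0 else i)
        else:
            best, cur = (cur if cur[0] > best[0] else best), (0, -1)
    hexs = ["%x" % w for w in words]
    if best[0] >= 2:
        n, s = best
        return ":".join(hexs[:s]) + "::" + ":".join(hexs[s + n:])
    return ":".join(hexs)


def classify(text):
    raw = parse_ipv6(text)
    if raw is None:
        return "invalid"
    if raw == bytes(16):
        return "unspecified"
    if raw == bytes(15) + b"\x01":
        return "loopback"
    if raw[:10] == bytes(10) and raw[10:12] == b"\xff\xff":
        return "ipv4-mapped"                        # ::ffff:a.b.c.d
    if raw[:12] == bytes(12):
        return "ipv4-compatible (deprecated)"       # ::a.b.c.d
    if raw[0] == 0xFF:
        return "multicast"                          # ff00::/8
    if raw[0] == 0xFE and raw[1] & 0xC0 == 0x80:
        return "link-local"                         # fe80::/10
    if raw[0] & 0xFE == 0xFC:
        return "unique-local"                       # fc00::/7
    return "global"


def same_as_stdlib(text):
    """Cross-check against Python's ipaddress module (not for mapped addresses,
    whose text form differs between Python versions)."""
    return format_ipv6(parse_ipv6(text)) == ipaddress.IPv6Address(text).compressed


if __name__ == "__main__":
    for a in ["1080:0:0:0:8:800:200C:407A", "::1", "FE80::1", "FD12:3456::1", "FF02::1",
              "::FFFF:192.168.0.10", "2001:db8::1", "1:2:3:4:5:6:7:8:9"]:
        raw = parse_ipv6(a)
        print(a, "->", format_ipv6(raw) if raw else "invalid", classify(a))
```

One practical consequence of the canonical form: two strings for the same address (the long and the :: form, upper and lower case) compare unequal as text, so access lists and log searches should compare the parsed bytes or the canonical string, never the raw text.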
The IPv6 header is given in Table 4.6.
Table 4.6: IPv6 Packet Format

Field             Size
Version/Flow      4 bytes
Payload Length    2 bytes
Next Header       1 byte
Hop Limit         1 byte
Source            16 bytes
Destination       16 bytes
Options           optional
Data              variable
The Version/Flow field (Table 4.7) carries the version, which is of course 6, together with quality-of-service information about the flow: the Traffic Class specifies the priority of the packet (the IPv6 counterpart of TOS/DSCP) and the Flow Label identifies which flow this packet belongs to. The Payload Length counts everything after the 40-byte IPv6 header, that is, the extension headers (the "options" of Table 4.6) and the data. (Note that, in IPv4, the options are counted in the header, not the payload.) The Next Header field specifies the type of the header following the IPv6 header; if no extension header follows, it names the higher-layer protocol this packet carries, using the same values as the IPv4 Protocol field. When extension headers are present, each carries its own Next Header field, so the upper-layer protocol is found only by following the chain. The Hop Limit is the TTL, but for IPv6. The Source and Destination addresses have the same meaning as in IPv4. Two IPv4 header fields are gone: there is no header checksum, and there are no fragmentation fields, because IPv6 routers never fragment; a source that must fragment adds a Fragment extension header.
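The fixed header of Table 4.6 and the Next Header chain it starts, as an added example that is not part of the original text. It packs and parses the 40-byte header and walks through extension headers to the upper-layer protocol, which is where a naive filter goes wrong: for the sample packet, the fixed header's Next Header says Hop-by-Hop, and only the walk discovers the UDP inside. The packet in `sample_packet()` is constructed (documentation-prefix addresses, a placeholder UDP header), and the per-hop `forward()` mirrors the IPv4 case with nothing to recompute.

```python
# Added example (not from the page): the fixed IPv6 header of Table 4.6 and a walk
# along the Next Header chain to find the upper-layer protocol. The packet in
# sample_packet() is constructed (documentation-prefix addresses, dummy UDP).
import struct

IPV6_FMT = "!IHBB16s16s"   # 40-byte fixed header
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 60: "Destination Options"}
FRAGMENT = 44


def build_ipv6(src, dst, next_header, payload, hop_limit=64, traffic_class=0, flow_label=0):
    first = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack(IPV6_FMT, first, len(payload), next_header, hop_limit, src, dst) + payload


def parse_ipv6_header(pkt):
    first, plen, nh, hop, src, dst = struct.unpack(IPV6_FMT, pkt[:40])
    if first >> 28 != 6:
        raise ValueError("not IPv6")
    return {"traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
            "payload_length": plen, "next_header": nh, "hop_limit": hop,
            "src": src, "dst": dst}


def walk_headers(pkt):
    """Follow Next Header through any extension headers. Returns (names of the
    extension headers in order, upper-layer protocol number, its byte offset).
    A filter that reads only the fixed header's Next Header sees 0 (Hop-by-Hop)
    for the sample packet and never learns that UDP is inside."""
    h = parse_ipv6_header(pkt)
    nh, off, chain = h["next_header"], 40, []
    end = 40 + h["payload_length"]
    while nh in EXT_HEADERS:
        if off + 8 > end:
            raise ValueError("truncated extension header")
        chain.append(EXT_HEADERS[nh])
        # every extension header starts with Next Header (1 byte) and Hdr Ext Len
        # (1 byte, in 8-byte units not counting the first 8); Fragment is fixed at 8
        size = 8 if nh == FRAGMENT else (pkt[off + 1] + 1) * 8
        nh, off = pkt[off], off + size
    return chain, nh, off


def forward(pkt):
    """Per-hop work: decrement the Hop Limit, drop at zero. Nothing else to do:
    there is no checksum to recompute and IPv6 routers never fragment."""
    if pkt[7] <= 1:
        return None
    return pkt[:7] + bytes([pkt[7] - 1]) + pkt[8:]


def sample_packet():
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    hop_by_hop = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])          # next=Fragment, one PadN option
    fragment = bytes([17, 0]) + struct.pack("!HI", 0, 0xABCD)    # next=UDP, offset 0, identification
    udp = bytes(8) + b"data"                                      # placeholder UDP header + data
    return build_ipv6(src, dst, 0, hop_by_hop + fragment + udp)


if __name__ == "__main__":
    pkt = sample_packet()
    print(parse_ipv6_header(pkt)["next_header"], walk_headers(pkt))
```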
Table 4.7: The Version/Flow Field

Bit:    0–3        4–11             12–31
        Version    Traffic Class    Flow Label
IPv6 is routed in the same way as IPv4, although there is much more definition of how devices learn of routes and of their neighbours. In IPv6, hosts learn of routers from the routers' own Router Advertisement messages, part of the Neighbor Discovery protocol, which runs over the IPv6 version of the administrative protocol (ICMPv6, as opposed to the ICMPv4 used with IPv4). Neighbor Discovery also replaces ARP for mapping IPv6 addresses to Ethernet addresses, and by default its messages are no better authenticated than ARP or ICMPv4 Router Advertisements, so the same spoofing concerns apply.
IPv6 is a major factor in government or public organization networks, and has an impact in voice mobility in those environments. Many private voice mobility networks, however, can still safely use IPv4.
The Internet Layer (L3) controls the operation of packet transmission by assigning addresses to nodes and routing packets along paths through the network. The Internet Protocol (IP) is the most widely implemented network layer protocol. Although the Internet is based on IP, the protocol is also used on networks unrelated to the Internet. IP lets end-to-end smart microgrid applications communicate between any two endpoints that have at least one network providing a data path between them, over whatever networking technologies are in use; that is, IP operates independently of the underlying physical media and the L1 and L2 layers. This characteristic provides interoperability among third-party non-compliant end devices and compliant communications networks, and allows much greater flexibility for interoperability as utilities implement their smart microgrid network. It therefore plays a vital role in unifying the information while allowing utilities to select the communications technologies and end devices (meters, IEDs, etc.) that make the most sense for them. Network interoperability is indispensable in order to achieve overall optimal system operation and connectivity, independent of the physical medium, the type of devices and the manufacturers [68].
IP is available in two versions (IPv4 and IPv6). In both versions, every system (node or endpoint) is identified by its unique network layer address, but the main difference between the two is their host addressing: IPv4 uses 32-bit addresses, whereas IPv6 uses 128-bit addresses. The version of IP currently deployed in most microgrid networks is IP version 4 (IPv4). Despite this, microgrid network planning should consider future migration to IPv6, because the distributed energy resources (DERs) in the grid may each need their own IP address in the future. Currently, many investor-owned utilities have millions of electric meters installed. Other devices must additionally be considered, including a large number of electric vehicles as potential roaming users in the future. That means that IPv4 might not have enough addresses for such a large number of endpoints [69]. Additionally, multicast, optional in IPv4, is a mandatory part of IPv6, and the IPv6 flow label adds new QoS capabilities [70].